Warning: these are only simple, generic examples.
My spare time is limited so feel free to send examples to: mm _at_ cydonia.vpn.cuore.org and this page will be updated.
Thanks, -mm
default example
[sud.conf]
# Global daemon options.
# NOTE(review): the path is quoted here but unquoted in the ilogin block
# below; both spellings appear on this page, so presumably the parser accepts
# either - confirm.
# NOTE(review): `etries` is not explained on this page (presumably the number
# of tries allowed for the emergency program) - confirm the key name against
# the sud.conf documentation before copying it.
# NOTE(review): daemonize = yes presumably detaches sud into the background;
# the ps listing further down shows /usr/sbin/sud without a terminal.
options {
emergency = "/usr/sbin/ilogin"
etries = 10
daemonize = yes
}
# NOTE(review): presumably values that apply to every service that does not
# override them (assumed from the block name - confirm). Only the terminal
# type is set here.
default {
terminal = cons25
}
# sud.unix is the socket suz connects to when no -p option is given;
# use suz -p sockpathname to reach a different service socket.
#
# No authgroup line, so the implicit authgroup (0, per the comments on this
# page) applies. In the transcript below, plain `suz` prompts for the root
# password and then gives a uid=0 shell, so the permissions on
# /var/run/sud.unix and the membership of group 0 decide who gets that far.
# NOTE(review): the unit of timeout and the exact meaning of nclients
# (presumably the maximum number of simultaneous clients) are not stated
# on this page - confirm.
ilogin {
suipfile = /usr/sbin/ilogin
sockfile = /var/run/sud.unix
nclients = 5
mode = interactive
timeout = 1000
}
# Values not set in this block fall back to the implicit ones:
#   sockfile  /var/run/login.unix
#   pidfile   /var/run/login.pid
#   authgroup 0
#
# login(1)'s -f flag skips login's own authentication, so the only checks in
# front of this root login are the ones sud performs (authgroup) and the
# permissions on the socket file.
# NOTE(review): dologin is not explained on this page - confirm its meaning.
login {
suipfile = "/usr/bin/login -f root"
mode = interactive
dologin = yes
timeout = 1000
}
# Emulates a setuid file: /usr/bin/passwd itself does not need the setuid bit.
# While suz runs on this socket the process IDs are:
#   real:      $myuid (the caller's uid, authenticated via getpeereid or
#              SO_PEERCRED)
#   effective: root
#   saved:     root
#
# The implicit sockfile is used (/var/run/passwd.unix).
# Interactive mode is used so that terminal echo can be switched off.
#
# authgroup = noauth disables sud's authentication for this service, so any
# local user able to connect to the socket runs the program with effective
# uid root. As with a real setuid file, the program itself is then the only
# safeguard: list only programs written to be run setuid, and keep log = yes
# so requests reach syslog (see the "auth req" lines at the end of this page).
passwd {
suipfile = "/usr/bin/passwd"
authgroup = noauth
log = yes
mode = interactive
setuser=$myuid
seteuser = root
setgroup = $mygid
timeout = 300
nclients = 20
}
# Same pattern as the passwd service: caller's real uid/gid, effective uid
# root, sud authentication disabled (authgroup = noauth), requests logged.
# sockfile and pidfile are spelled out here; they match the names the
# implicit rule shown for the login service would produce.
# NOTE(review): -md5 is part of the fixed command line handed to skeyinit;
# MD5 is a dated hash choice - check which hashes the local skeyinit offers.
skey {
suipfile = "/usr/bin/skeyinit -md5"
sockfile = /var/run/skey.unix
pidfile = /var/run/skey.pid
log = yes
mode = interactive
authgroup = noauth
setuser=$myuid
setgroup=$mygid
seteuser=root
timeout = 300
nclients = 20
}
# The implicit authgroup is 0.
# To disable authentication for a service use: authgroup = noauth
#
# Emulates a setgid systat: the caller's uid and gid are kept and only the
# effective group becomes kmem. No authgroup line is given, so the implicit
# authgroup 0 applies to this service.
# NOTE(review): no seteuser line, so presumably the effective uid stays the
# caller's - confirm. kmem is sensitive in its own right (presumably read
# access to kernel memory devices on this system), so raising only the
# effective group for one fixed command line is the narrower choice compared
# with running the tool as root.
vmstat {
setuser=$myuid
setgroup=$mygid
setegroup=kmem
suipfile="/usr/bin/systat vmstat"
nclients = 20
mode = interactive
}
16:06:18|507$> ps ax | grep sud
333 ?? Is 0:00.00 /usr/sbin/sud
23948 ?? I 0:00.00 sud: sud service (sud)
30642 ?? I 0:00.00 sud: login service (sud)
3323 ?? I 0:00.00 sud: passwd service (sud)
27866 ?? I 0:00.00 sud: skey service (sud)
25116 ?? I 0:00.01 sud: vmstat service (sud)
8276 p0 R+ 0:00.00 grep sud (bash)
16:06:23|509$> suz
superuser authentication
------------------------
WARNING!
- use superuser privileges only if necessary
- do not leave terminal session logged on
- use encryption for remote connections
- respect privacy
root passwd>
Welcome
WARNING your current pathname is: /root
terminal type: xterm
bash-2.05b# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),
4(adm),6(disk),10(wheel),11(floppy)
bash-2.05b#
16:08:31|510$> suz -p /var/run/passwd.unix
Changing local password for mm.
Old password:
New password:
Retype new password:
16:22:38|511$>
16:40:22|512$> suz -p /var/run/vmstat.unix
1 users Load 0.85 0.55 0.30 Sat Oct 11 16:40:23 2003
memory totals (in KB) PAGING SWAPPING Interrupts
real virtual free in out in out 236 total
Active 83012 83012 251820 ops 100 clock
All 132936 132936 377320 pages rl1
128 rtc
Proc:r d s w Csw Trp Sys Int Sof Flt forks 1 rl0
1 6 19 150 69 594 236 69 2 fkppw pciide0
fksvm 7 pciide0
2.2% Sys 97.7% User 0.0% Nice 0.2% Idle pwait
| | | | | | | | | | | relck
=>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> rlkok
noram
Namei Sys-cache Proc-cache No-cache ndcpy
Calls hits % hits % miss % fltcp
13 11 85 1 8 1 8 zfod
cow
Discs wd0 wd1 128 fmin
seeks 7 170 ftarg
xfers 7 itarg
Kbyte 327 2941 wired
sec 0.0 pdfre
pdscn
|
non-interactive processes
# Non-interactive service backed by /bin/sh: in the transcript below a command
# is piped in through suz -n and its output is read back.
# That transcript reads /dev/mem through this service, so treat access to its
# socket as equivalent to a root shell. No authgroup line, so the implicit
# authgroup 0 applies; never pair a shell suipfile with authgroup = noauth.
# Where possible prefer a fixed, single-purpose suipfile (as in the ifmcstat
# block) and add log = yes so each request is recorded.
# NOTE(review): no sockfile is set, so the implicit name would be
# /var/run/rwserv.unix, but the transcript connects to /var/run/rw.serv -
# confirm which path is intended.
rwserv {
mode = readwrite
suipfile = "/bin/sh"
}
#note the usage of -n option
> echo "hexdump /dev/mem" | suz -np /var/run/rw.serv | tee something
0000000 ed8a f000 ed8a f000 e2c3 f000 ed8a f000
0000010 ed8a f000 ff54 f000 ea79 f000 ea21 f000
0000020 fea5 f000 e987 f000 ed8a f000 ed8a f000
0000030 ed8a f000 ed8a f000 ef57 f000 ff53 f000
0000040 08e8 c000 f84d f000 f841 f000 eed2 f000
0000050 e739 f000 f859 f000 e82e f000 d64f f000
0000060 0100 c800 e6f2 f000 fe6e f000 ff53 f000
0000070 edf2 f000 f0a4 f000 efc7 f000 53f6 c000
0000080 ed8a f000 ed8a f000 ed8a f000 ed8a f000
* bla bla bla
# Runs one fixed command with the caller's uid and gid and effective group
# kmem. No authgroup line, so the implicit authgroup 0 applies.
# NOTE(review): no seteuser line, so presumably the effective uid stays the
# caller's rather than root - confirm.
# NOTE(review): `mode = command;` is the only value on this page written with
# a trailing ';'. It may be a typo - confirm the parser accepts it before
# copying this block.
ifmcstat {
mode = command;
setuser = $myuid
setgroup = $mygid
setegroup = kmem
suipfile = "/usr/sbin/ifmcstat"
}
bash-2.05b$ suz -np /var/run/ifmcstat.unix
sis0:
inet6 fe80::20a:e6ff:fe15:abe5%sis0
group ff02::2:8bf6:e295%sis0 refcnt 0
mcast-macaddr 33:33:8b:f6:e2:95 multicnt 1
group ff02::1%sis0 refcnt 0
mcast-macaddr 33:33:00:00:00:01 multicnt 1
group ff02::1:ff15:abe5%sis0 refcnt 0
mcast-macaddr 33:33:ff:15:ab:e5 multicnt 1
lp0:
lo0:
inet6 ::1
inet6 fe80::1%lo0
group ff01::1 refcnt 0
group ff02::1%lo0 refcnt 0
group ff02::1:ff00:1%lo0 refcnt 0
# mode = blind with /bin/sh: in the transcript below a command is piped in,
# nothing is printed back, and the file it creates is owned by root:wheel -
# i.e. this service executes arbitrary shell input as root.
# No authgroup line, so the implicit authgroup 0 applies; never pair a shell
# suipfile with authgroup = noauth.
# log = yes is not set here (it is on passwd and skey); because the client
# sees no output, logging is the main record of what was requested.
# NOTE(review): no sockfile is set, so the implicit name would be
# /var/run/blindserv.unix, but the transcript connects to /var/run/blindserv -
# confirm which path is intended.
blindserv {
mode = blind
suipfile = "/bin/sh"
}
bash-2.05b$ echo "touch /tmp/hello" | suz -np /var/run/blindserv
bash-2.05b$ ls -l /tmp/hello
-rw-r--r-- 1 root wheel 0 Nov 8 20:28 /tmp/hello
|
logging facility
Nov 10 12:23:53 dharma sud[4258]: [ifmcstat] auth req u: mm [1004] g: mm [1004]
Nov 10 12:24:02 dharma sud[4262]: [passwd] auth req u: mm [1004] g: mm [1004]
Nov 10 12:24:15 dharma stunnel[481]: pop3 connected from 127.0.0.1:49698
Nov 10 12:24:15 dharma sud[4266]: [passwd] auth req u: mm [1004] g: mm [1004]
Nov 10 12:24:15 dharma stunnel[481]: Connection closed: 50 bytes sent to SSL, 75 bytes sent to socket